Closed
Bug 319082
Opened 19 years ago
Closed 19 years ago
"new Bugzilla::User($uid)" allows you to pass invalid $uid
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.20
People
(Reporter: LpSolit, Assigned: LpSolit)
References
Details
Attachments
(1 file, 1 obsolete file)
1.34 KB, patch | mkanat: review+
new() in User.pm doesn't make sure that its parameter is a valid integer. This allows me to edit a user with ID = "1k"! Well, PostgreSQL complains, but MySQL is happy with that:

mysql> select bug_id from bugs where bug_id="1k";
+--------+
| bug_id |
+--------+
|      1 |
+--------+
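The behaviour reported above, as an added example that is not Bugzilla's code or the attached patch: a lenient numeric cast resolves "1k" to row 1, while a strict integer check rejects it before any lookup. The helper names, the simplified cast model and the in-memory table are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use 5.010;

# Constructed sample data standing in for a user table (userid => login).
my %profiles = (1 => 'admin@example.com', 2 => 'dev@example.com');

# Hypothetical helper: simplified model of a lenient string-to-number cast
# that keeps the leading digits of a string and silently drops the rest.
sub lenient_cast {
    my ($value) = @_;
    return $value =~ /^([0-9]+)/ ? $1 + 0 : 0;
}

# Hypothetical helper: accept only a plain non-negative decimal integer.
# \A and \z anchor the whole string; unlike $, \z does not tolerate a
# trailing newline.
sub is_valid_user_id {
    my ($value) = @_;
    return defined($value) && $value =~ /\A[0-9]+\z/ ? 1 : 0;
}

# Lookup without validation: the cast happens at comparison time.
sub lookup_unvalidated {
    my ($uid) = @_;
    return $profiles{ lenient_cast($uid) };
}

# Lookup with validation: a non-integer value never reaches the lookup.
sub lookup_validated {
    my ($uid) = @_;
    return undef unless is_valid_user_id($uid);
    return $profiles{ $uid + 0 };
}

# Constructed inputs, including the "1k" and "ddd" values from this bug.
for my $uid ('1', '1k', 'ddd', "2\n", '') {
    (my $shown = $uid) =~ s/\n/\\n/g;
    printf "%-6s unvalidated=%-18s validated=%s\n",
        "'$shown'",
        lookup_unvalidated($uid) // '(no row)',
        lookup_validated($uid)   // '(rejected)';
}
```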
Assignee | ||
Comment 1•19 years ago
|
||
Comment 2•19 years ago
|
||
Does this fix bug 319090, too?
Assignee | ||
Updated•19 years ago
|
Attachment #204989 -
Flags: review?(mkanat)
Comment 3•19 years ago
|
||
Comment on attachment 204989: patch, v1

I like the code, it looks fine. But I preferred the old error message, because it gave more information.
Attachment #204989 -
Flags: review?(mkanat) → review-
Assignee | ||
Comment 4•19 years ago
|
||
I'm now leaving the actual error message as is.
Attachment #204989 -
Attachment is obsolete: true
Attachment #205554 -
Flags: review?(mkanat)
Attachment #204989 -
Flags: review?(bugreport)
Assignee | ||
Comment 5•19 years ago
|
||
FYI, an easy way to test my patch is to go to editusers.cgi?action=edit&userid=ddd.
Assignee | ||
Updated•19 years ago
|
Attachment #205554 -
Flags: review?(wurblzap)
Comment 6•19 years ago
|
||
Comment on attachment 205554: patch, v2

Yes, looks fine to me.
Attachment #205554 -
Flags: review?(mkanat) → review+
Assignee | ||
Updated•19 years ago
|
Flags: approval?
Flags: approval2.20?
Assignee | ||
Updated•19 years ago
|
Attachment #205554 -
Flags: review?(wurblzap)
Updated•19 years ago
|
Flags: approval?
Flags: approval2.20?
Flags: approval2.20+
Flags: approval+
Assignee | ||
Comment 7•19 years ago
|
||
tip:

Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v  <--  User.pm
new revision: 1.98; previous revision: 1.97
done

2.20:

Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v  <--  User.pm
new revision: 1.61.2.14; previous revision: 1.61.2.13
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED